Posted by Soulskill on Wednesday January 23, 2013 @06:17AM from the struggling-to-find-a-reasonable-punishment dept.

TrueSatan writes "Andrew Auernheimer doesn't appear suicidal, no thanks to U.S. prosecutors, yet he has been under attack for his act of altering an API URL that revealed a set of user data and posting details of same. 'In June of 2010 there was an AT&T webserver on the open Internet. There was an API on this server, a URL with a number at the end. If you incremented this number, you saw the next iPad 3G user email address. I thought it was egregiously negligent for AT&T to be publishing a complete target list of iPad 3G owners, and I took a sample of the API output to a journalist at Gawker.' Auernheimer has been under investigation from that point onward, with restrictions on his freedom and ability to earn a living that are grossly disproportionate to any perceived crime. This is just as much a case of legislative overreach and the unfettered power of prosecutors as was Swartz's case."

That seems to summarize the root of the problem quite well. Individually, I believe most Americans are quite sane and normal people. But as a whole, the USA has gone insane. It's caught in its own stupid system.

Individually, I believe most Americans are quite sane and normal people.

Normal people are highly unintelligent, so it's not a good thing that they're "normal." Sane? No one sane would accept the TSA, the Patriot Act, free speech zones, or hell, basically warrantless anything. They're both unintelligent and insane.

That assumes no skew. If you'd said "median", you'd be right. Assuming a small minority of bright sparks are pulling up the average, the bell-curve will be skewed to the left, and more than half of the population will be below the mean intelligence level. (I've made some assumption about what the curve really looks like, but I know similar logic applies to income levels, where a few mega-earners again pull up the mean.)

"The system" has been built bit by bit by those "sane and normal" Americans. You live in a republic, not a dictatorship, remember? You can either have that warm feeling of superiority over your "land of free" OR you can pretend that "the system" is something you have no responsibility for. So next time you read about a teen hounded to death by "the system", remember: it is also YOUR fault.

In general, the slashdot crowd voted for this. Obama sold the VP to the copyright industry for two terms before his first election: http://news.cnet.com/8301-13578_3-10024163-38.html

This issue has always been avoided by the slashdot crowd, and downvoted when Obama needed to be elected.

Biden, however, before Obama's first election, has made very clear that he wants hard prison time for copyright violators. This is his job, he was hired for it by the industry. You know, hard prison time for REAL persons. His sponsors are also public and well known.

So most of you voted for this. And are hypocrites now. Because you choose to ignore it, to get your man elected. Granted, the other man was worse, but had other sponsors. The hard prison time for REAL persons was ignored. So, Swartz' death is the collateral damage of your own actions and vote, and to make it worse, many are totally ignoring this while pointing fingers at "the government" and "the prosecutor", who are just implementing the administration's policy, which you voted for. Or even blame Fox.

So, practically speaking, what would you suggest those who voted for Obama had done instead? Abstain from voting altogether? Then they'd be labeled as not participating in the system and "part of the problem". OK then, I guess we have to take it one step further: everyone who voted for Obama because "the other man was worse" should have run for office themselves? In part, I agree.

I ran for State Representative in my state 4 years ago because my "representative" was running unopposed. Rather than complain for 4 months leading up to the election about how the system is so screwed up that many, many incumbents run unopposed, I paid the $200 (yes, it costs money to be on the ballot) and ran myself. I was a no-name, had no money to spend (I had just under $1k in donations that I used on yard signs and door hangers so I'd have a little chance). I even had a few neighborhood get togethers, one where our Senator attended (for which I was surprised, and very grateful) in support. Let me tell you, it's very disconcerting when you realize just how the parent post is correct, about having to spend enormous amounts of money. Of course, it's usually proportional to the office you're seeking.

What seems to always get overlooked, it seems to me, is that the root of the systematic problem in the US political system is the dire need for campaign finance reform. And I mean severe campaign finance reform. It's such a huge problem, the solution won't be easy, and it certainly won't be perfect. But it must be pushed by "we the people" or we'll be stuck in this two-party freak show.

Don't bet that financial reform helps; it may make things worse. In the US, running is expensive, but at least you can do it as an independent candidate. Here in Germany, nominally, running for office is cheap, but no independent candidate has ever been elected to German parliament. If you aren't part of one of the party machines, you don't have a chance. Furthermore, many seats in parliament are just given away by parties to their political cronies. You get an electrician without a college education trying

I voted for a third party candidate this year, and will probably every year going forward. Because the two main parties are the same old broken shit and are copies of one another. They pit people against themselves and offer the same exact solution, which is to say, not a solution, but just the same old stuff.

Isn't that exactly what he said? It doesn't matter how many charges it takes, facing a harsher sentence for this compared to manslaughter or rape is abhorrent.

It is the barbaric US concept of consecutive sentences that is the problem. If, say, copyright infringement has a maximum sentence of one year, but you've been found guilty of two hundred counts so you're going to jail for 200 years, that is simply obscene.

But I doubt that many people here would complain if it was for old-fashioned burglary or something. Then everyone would be in full "lock 'em up and throw away the key" mode.

Please note that murder (and all its variants) are State-level crimes (unless performed on a Federal agent/employee).

It would be more correct to say 'unless performed on Federal *land or property*'. As a federal employee, if I was murdered in my home, the suspect would be tried in a state court, under state law. If a random civilian was killed on base though, it would go through a federal court.

There are added complexities with jurisdiction - if there's any question as to under whose aegis the act was committed, it's pretty much up to the court/prosecutors as to who will actually press the charges.

An example would be a drunk driver caught driving intoxicated onto base. If civilian, it'll typically be processed by the state - city or county level. If military, generally the military wants a piece of him, and will claim jurisdiction. In some cases, even if it happens downtown. Due to the UCMJ, a military member is ALWAYS under its jurisdiction.

"Very few people enter into reasoned debate and bother to understand issues before voting on them."

My experience - which is fairly limited, mind you, and also anecdotal, since of course I can't prove it, so take it as it is, an opinion - is that older generation [i.e. they and some or many of their ancestry is born American] Americans seem to be more accepting than debate-oriented, vs. younger- or first-gen. Americans, especially who are from mid-western european countries. The latter seem more willing to

Agree in part, but as long as 80% of the voters watch Fox News and attack ads and do what the rest of the 80% of America tells them to do we're going to end up with more of the same.

It's not just Fox News. CNN, MSNBC, ABC are all pumping out filtered garbage too. It's sad, but the US is now the land of the sheep. Almost nobody thinks for themselves. The first amendment has become a joke, because the corporations have been allowed to buy all the news outlets, and they only let you see what they want yo

While I am no fan of Fox News, I gave up browsing news.google.com and started reading more Fox News. The reason... gun control. None of the other networks reported on anything reasonably in favor of the 2nd amendment. Every article they reported about gun control they immediately tied to the recent Newtown tragedy. There was such a libreal anti-gun and anti-2nd amendment bias that it just sickened me.

Did it not occur to you that perhaps the majority of people are actually in favour of gun control and it's not some "libreal" conspiracy?

The Constitution is also not a religious document to be worshiped for its own sake. The founders intended that should it no longer serve the interests of the people, it be updated. Personally I favor the 'updating' part as opposed to 'ignoring,' a more common practice.

The Second Amendment. Ah, the Second Amendment. Does the ban against nuclear, chemical, and biological weapons violate the Second Amendment? How about rocket-propelled grenades? Those are banned, so it seems like we have no qualms about -some-

"The system" has been built bit by bit by those "sane and normal" Americans. You live in a republic, not a dictatorship, remember? You can either have that warm feeling of superiority over your "land of free" OR you can pretend that "the system" is something you have no responsibility for. So next time you read about a teen hounded to death by "the system", remember: it is also YOUR fault.

The citizens are responsible for the system. I see two real problems. One is we have an electorate where a major percentage of the people cannot tell you anything much about how the system works. They can't tell you anything useful about the bill of rights or the constitution. Everyone knows about the first amendment and maybe the 2nd but ask them about the others and few can tell you anything. They certainly have no understanding of the issues currently being debated beyond whatever 30 second news byte they have seen. There is a sizable portion of the electorate who votes on things like who is most attractive, who has the best hair, who went on their favorite talk show or who makes the biggest claims about whatever pet cause they have. The end result of all of this is that the political system has effectively been on auto pilot for decades.

The other problem we have is that congress, in large part because the system has been on autopilot, has gotten really lazy and corrupt. A lot of the abuses we see are because of the run away power of administrative agencies. It used to be that congress passed actual laws that said in some detail what was to happen. Now they pass vague laws that say things like "administrative agency X will write regulations to achieve result Y". Where those regulations have the force of the law under which they were written. So a huge percentage of the "laws" that exist in this country are actually administrative regulations. In all probability most members of congress probably could not tell you what actual regulations came out of any given law that they passed. So in effect the vast majority of "laws" that we live under aren't laws at all they are regulations developed by a whole host of agencies that are, at best, minimally supervised by congress.

Where all of this becomes a problem is that the people at the agencies aren't elected. They don't really change, other than the appointed heads, after elections. Other than the budget process congress has very little ability to even impact what these people do. The end result is an ever more powerful bureaucracy. A Bureaucracy which is so vast, so powerful and so entrenched that even the President, who is supposed to control it, can't really tell what it is doing most of the time. Congress, having outsourced most of their job, is free to engage in the kind of shenanigans we have come to expect from them.

I don't know how we fix this. At this point the problem is so vast it may be beyond fixing. I hope not because it is an ill omen for all of us if that is true. It would help a lot if the various administrative regulations had to be voted on by congress before they could go into effect. Unfortunately I have no idea how we would force them to do that. They certainly aren't going to volunteer since as it stands now they are relieved of all manner of drudgery involved with actually doing their jobs. My only suggestion is encouraging people to actually learn about the system. Learn about the hows and whys of how it is set up and operates. Learn about this history. An informed electorate is our only real hope. Sadly the electorate is going the other way fast.

Simple. Outlaw Bribery, i.e. Outlaw Lobbyists, Campaign Contributions, Perks, Promises of Jobs after your term, etc. There should be strict punishments for that type of corruption. Then the only people who'll want to do the job of governing are the people who actually care about people, not corporate and foreign interests. Vastly reduce the amount of classified information -- There's no reason we have to make shady (illegal) deals with enemies for diplomacy, we can put forth a stance and stick by it, and be open about the times when we say, sell a bunch of weapons to warlords for intel; The public will understand if you tell them why (if not, then you shouldn't be doing it, what have they got to hide?). Get rid of the redundant agencies, e.g., we have Police and FBI, we don't need Federal Police (DHS), that's a huge tax burden and they serve no purpose that a well armed public could not. Protip: The police can't protect you, after you or your loved ones are dead then they go after the bad guys; It's the citizen's job to protect themselves. Place a 6mo to 1yr probationary period for new laws so that knee jerk reactions like ridiculous gun control regs or things like the PATRIOT Act, or SOPA can easily get tossed out. Teach civics in school along with US history, EVERY YEAR, not just one course -- If ignorance is a big problem, then education is the answer. Ditch the current voting system and have votes be a prioritized list of candidates, so if your option #1 loses, then the votes are recalculated using your option #2, then repeat for #3 and so on removing candidates until there's one winner. This way you can show support for a 3rd (or 7th) party in your #1 vote, and still use #2 as your fall-back vote. It's not rocket science we have the technology.

Do I think ANY of that will happen? No, not at all. All of this is easier said than done, and most people are lazy and greedy; Unwilling to spend the money to change anything. Read the history books folks, nations begin with people having some degree of power & rights, then governments take those powers for themselves and reduce the citizen's rights and freedoms until shit hits the fan. Every Time. The only way to stop the cycle is to give the people back the control, and make the government accountable for their actions by the people. It seems the US is going the other direction... You can't let the government police itself! You don't put rats in charge of cheese! Rome wasn't built in a day, but it was destroyed in one, that day was September 4, 476.

Insane is when you post this as AC, because you live in the Land of the Free.

That's insane, alright, but it's not the country with the delusional paranoia. The US is fucking insane, but if there was a rankled bureaucrat that somehow took offense to "define sane", had sufficient power and time to find your post on Slashdot, could then decode your Slashdot identity, and finally track you down to persecute you... don't you think he'd be able to get your IP address?

I wish they would, there's a few things I really wish they knew. If actually getting through to (bomb) government and getting them (anthrax) to listen to sense (Cameron) means salting my posts with (revolution) a few keywords then it seems easier (overthrow the government) than going through official channels which seem to lead to /dev/null. (enormous nuclear explosion)

More precisely, the US has collectively been asleep for the last 35 or so years and has morphed into a corporatocracy [wikipedia.org], in which case the Justice Department is behaving as expected and protecting the interests of AT&T.

I think their aim is to put the guy in Jail, not court. It's worth repeating: this and Swartz's case are just a symptom of the two tiered justice system [salon.com] at work. Persecution ingrained at the Institutional level, it is not just a few overzealous prosecutors as some apologists try to claim.

two-tiered justice system — the way in which political and financial elites now enjoy virtually full-scale legal immunity for even the most egregious lawbreaking, while ordinary Americans, especially the poor and racial and ethnic minorities, are subjected to exactly the opposite treatment: the world’s largest prison state and most merciless justice system.

I'm just an observer (not an attorney or prosecutor), but I suggest the hypothesis that the two-tiered system is attributable to prosecutors being lazy and cowardly. The rich and powerful can take full advantage of legal tactics to draw out a trial and delay an inevitable verdict, even when they're guilty as hell. Thus, it is much costlier and more uncertain to prosecute a banker than a hacker. Prosecutors advance their careers and reputations by getting a lot of convictions. Their incentive is to go after the easy prey.

So, the way to fix this mess is to change the incentives for prosecutors so they are motivated to pursue the most harmful crimes, not the ones that are easiest to convict. Easier said than done.

It's more than going after the most harmful crimes, and requires perhaps a bit of a redefinition of the prosecutor's role.
A defense lawyer's role is to get his client off the hook by any (legal) means available. The prosecutor's role should not be the opposite of this, getting a conviction by any means. It should be to have justice prevail. That doesn't mean asking for a lighter sentence if there are some irregularities in the investigation, let the defense and the judge worry about that. It does mean

The key part missing in the current system is a check and balance on prosecutors (and who, what, and how much they charge). The original check and balance was supposed to be the jury of peers; but of course these days only 5% or less of people going to prison get a jury trial. So the first part of the solution is fairly simple: ban plea bargains, restore the fundamental right to a jury trial, and require every single charge to be confirmed by a jury of peers without exception.

I'm glad you added the preface. I'm not someone who thinks that massive copyright violations are a good idea, however there is a difference between copyright violations and theft. I really wish people would stop calling copyright violations theft.

From TFA: (the techcrunch statement) "Ivy league educated and wealthy, Aaron dealt with his indictment so badly because he thought he was part of a special class of people that this didn’t happen to. I am from a rundown shack in Arkansas. I spent many years thinking people from families like his [Swartz] got better treatment than me. Now I realize the truth: The beast is so monstrous it will devour us all. None will be spared."

Dump and humiliate instead of disclose "responsibly". That word applies to both parties; when a vulnerability is revealed "responsibly", and the end result is for the powers that be to act irresponsibly with no regard to measured response, what's the incentive to do good?

Delicacy is over. Expect nukes.

I'm just gonna grab the popcorn and enjoy how the restless kids will respond to the power high prosecutors expect to get massaged.

So publishing personally-identifying data for 114,000 people is in the security interests of society?

Auernheimer should've gone to AT&T to report the problem. I've done that myself several times and they've always been very receptive. They might not fix the problem quickly (they're a big company and move slowly), but I've never had them sic the US Attorneys on me for it.

So publishing personally-identifying data for 114,000 people is in the security interests of society?

At this point, yes.

There are three things that could have happened. He could have gone through the "proper channels," and, since a middle manager somewhere would need to be embarrassed, he'd still be up shit creek without a paddle. He could have done what he did, publicly humiliated AT&T and made the 114,000 individuals affected acutely aware that AT&T had failed them.

OR, he could have done nothing. Perhaps that's the correct response. Instead, some black hat in $scary_country would have discovered it and exploited it without making anyone aware.

The whole beef I have with prosecuting for "hacking" in this manner is that he merely asked AT&T's server for information, and it merrily complied. To me, it sounds like this case is even more clear-cut than Swartz's case. He didn't break and enter. He didn't place unauthorized equipment in a network closet. He didn't even abuse a relationship of trust between a publisher and a college. All he did was show that all you need to do is politely ask the server for information, and it would happily give it to you.

Auernheimer should've gone to AT&T to report the problem. I've done that myself several times and they've always been very receptive. They might not fix the problem quickly (they're a big company and move slowly), but I've never had them sic the US Attorneys on me for it.

Consider yourself lucky. Or perhaps they know you'd fight back because you're older and have the resources to do so. Going after successful professionals (I can only assume you are) isn't very good for bullies. Bullies need targets they know they can safely victimize. So here we are.

"Responsibly" like the report of a Java vulnerability in August, that exploded in everyone's face after Oracle sat on that report for months?

The problem is not the people that find and report the problem in one way or another (and advising the users too, just because there are too many cases like Oracle). It is the ones that find and exploit it silently.

Law is (in some cases, literally) killing the messenger: if you find something that could be exploited, better not tell anyone, because even reporting it to the company could get you in trouble too. Eventually someone on the dark side will exploit it (if they are not doing that already), but it is not your problem; maybe it is even designed that way to always get fresh 0-day exploits for the new generation of Stuxnet (lawyers are involved, you can't attribute that to stupidity).

Yes, US Attorneys are the most powerful, and least controlled, people in our government. Even the president has more checks and balances on his power than what these guys get away with.

A US Attorney is trying to seize the assets of a friend of mine, who is guilty of doing nothing but leasing land to some farmers, that grew pot on it without his knowledge. He's running into debt fighting the case, but the US Attorney is going full bore anyway, since it doesn't cost *him* anything to try to make an example out of someone.

I think we should institute loser-pays in all lawsuits involving US Attorneys. (Unless we have this already? I don't know.) There's a reason why 90%+ of all cases with them are plea bargained out - the US Attorneys have effectively unlimited resources, and can drain you dry fighting them.

In 2009, the 69-year-old owner, Russ Caswell, received a letter from the DOJ indicating the government was pursuing a civil forfeiture case against him with the intention of seizing his family's motel -- it was built in 1955 by Russ's father -- and the surrounding property. Ms. Ortiz's office asserted that the motel had been the site of multiple crimes by its occupants over the years: 15 low-level drug offenses between 1994 and 2008 (out of an estimated 125,000 room rentals). Of those who stayed in the motel from 2001 to 2008, .05% were arrested for drug crimes on the property. Local and state officials in charge of those investigations never accused the Caswells of any wrongdoing.

Nor is the U.S. attorney charging Russ Caswell with a crime. The feds are using a vague but increasingly common procedure known as civil asset forfeiture. In criminal forfeiture, after a person is convicted of a crime the state must prove that the perpetrator's property had a sufficiently strong relationship to the crime to warrant seizure by the government. In civil forfeiture proceedings, the state asserts the property committed the crime, and -- under civil law -- the burden of proof is on the defense to demonstrate their property is innocent.

"I've found... I'm responsible for the action of people I don't even know, I've never even met, and for the most part I have no control over them," Mr. Caswell told WBUR Boston. "And when they do something wrong, the government wants to steal my property for the actions of those people, which to me makes absolutely no sense. It's more like we're in Russia or Venezuela or something."

According to the sworn testimony of a DEA agent operating out of Boston, it was his job to comb through news stories for properties that might be subject to forfeiture. When he finds a likely candidate, he goes to the Registry of Deeds, determines the value of the property in question, and refers it to the U.S. attorney for seizure. It is DEA policy to reject anything with less than $50,000 equity. -- Carmen Ortiz's Sordid Rap Sheet [whowhatwhy.com]

The US Attorney's office is a breeding ground for monsters, and it certainly isn't any better under the current administration than previous ones.

In the old Roman Empire, this kind of property seizure was done by emperors like Caligula using similar methods.

There's a reason why 90%+ of all cases with them are plea bargained out - the US Attorneys have effectively unlimited resources, and can drain you dry fighting them.

That's not true. Large corporations kick their asses every day due to the budgetary restrictions on the Justice Department. Large Banks and Investment Firms, Big Pharmaceuticals, etc. can out maneuver and spend the government. They can, and do, drag a case on for years and turn it into a war of attrition. And because everyone in the US loves a winner and abhors a loser, US Attorneys look for easy victories, as picking on David is easier to do than fight Goliath.

As for the large amount of plea bargains, that relates to all accused persons--not just the innocent ones. The fact of the matter is, the vast majority of folks being prosecuted are guilty of the crime they are accused of. So, if you are guilty, taking a deal for a lighter sentence in return for not costing the government huge sums of money to prosecute your case only makes sense...

If it applies to innocents as well as the guilty, taking a deal is completely irrelevant and unrelated to actual guiltiness. Thus, you can't use the number of deals as measure to estimate that a majority is guilty.

a case of a bunch of clueless pricks in the legal system extending jurisdiction to a field they have no knowledge of but feel they need to be responsible for. The fact that the people involved are not so embarrassed that they automatically resign when these acts come to light but instead defend their position also speaks volumes.

No, this is the system. We have, as a matter of law, declared that "it goes down like the big corporation thought it would go down." So, no proof of mortgage, merely a letter of intent to convey? Foreclose the fuckers, it's close enough. No witness to transaction? Robosign. The law is not overly broad by accident, it is overly broad by design.

kim.com has his megakey system which works as an ad blocker but replaces existing advertisements on web pages with ads served by mega. There has already been some rumbling from advertisers and web page publishers that changing a web page in this way violates their copyright. So is it always going to be legal for me to view source on a web page and view it in my preferred way?

Likewise, I can put any address I like into the URL bar but these guys are being prosecuted for doing that. Isn't it their web browser?

and saw something I wasn't expecting to see. I should have told my sorry story to a journalist at The Onion! "Area man, who mistyped a URL and saw something he didn't expect to see, is now under expensive investigation." In a comment, average taxpayer stated "This is definitely the right way to spend tax dollars and why I am proud to be a taxpayer."

The problem is that the law makes it a crime for 'unauthorized' access, but allows the 'victim' to determine what was 'unauthorized' *after* the fact and for a public offering that is automated.

It is as if someone puts a stack of newspapers on a sidewalk with a sign that says 'free' and then asks the DA to prosecute for 'theft' anyone they don't like that took them up on their offer and took more than one. I.e. they decide afterwards that one is the 'limit' and the sign just says 'free'.

Oh and these sleazy DAs count each URL issued as a separate count of the 'crime' with a penalty of 5 years and $300,000 possible on each count of 'unauthorized access'.

It is all to appear 'tough on crime' for their next election. And, yes, they have all the resources of their office to put on your case against you.

Fair? No. Disproportionate penalty for the 'crime'? Certainly. It is really a contract dispute - a civil matter, not criminal. The law is just wrong. Make your vote count on these issues and hold your legislators and judiciary oversight officials accountable in the voting booth.

Yes, people should use their voting power to stop this insanity. Only catch here is that most of the people are coming to vote after watching some TV news/shows with the same prosecutor, and not after reading Slashdot. These same people then are found sitting in the jury box, listening to the same prosecutor, who then colorfully portrays the defendant as a master criminal, evil genius hacker on the level of Bond's villains. And the wheel continues to roll.

Easiness of access doesn't mean that access is allowed. It's not a zero sum game. If I leave my house unlocked and it gets ransacked, I'm an idiot and deserve blame for the trouble. But the person doing the ransacking doesn't lose any of the blame for his own part.

There's history. Humans aren't allowed to hand-edit URLs now, according to the US legal system. The first case I remember was someone going up a directory tree, and then playing clicky with the other directories he found.

In that case, and this, every single 'GET' request they were complaining about was one which was responded to with data, not a 403 (or other) error. In my view, as someone with a technological bent, that means that their webserver had vetted the request, and decided that the access was authorised. And therefore not 'unauthorised'.

Due to the lack of any consideration, this isn't contract law. But you're right, it certainly shouldn't be criminal to edit a URL, or to accept (which is what the client does) what is freely offered (which is what the server does). The courts don't seem to understand that *the server is in control*, it is *responsible for everything that gets transmitted* - that's its sole job.
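To make the point in the comment above concrete, here is an added sketch (not code from the thread, and not AT&T's; the record store, account names and function names are hypothetical) of a lookup endpoint keyed by a number in the URL, first answering any ID that exists and then with the server itself deciding whether the caller may see that record, plus a counter that flags clients walking through IDs they do not own.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample records (hypothetical): record id -> (owning account, email).
RECORDS = {
    1001: ("acct-a", "alice@example.com"),
    1002: ("acct-b", "bob@example.com"),
    1003: ("acct-c", "carol@example.com"),
}

SESSION_KEY = secrets.token_bytes(32)  # per-process key used to sign session tokens
DENIAL_THRESHOLD = 3                   # denied lookups per client before it is flagged
_denials = defaultdict(int)            # client address -> count of 403 responses


def _sign(account):
    return hmac.new(SESSION_KEY, account.encode(), hashlib.sha256).hexdigest()


def issue_session(account):
    """Token handed to a client after login (login itself is out of scope here)."""
    return f"{account}.{_sign(account)}"


def account_from_session(token):
    """Return the account a token was issued to, or None if it is missing or forged."""
    if not token or "." not in token:
        return None
    account, _, mac = token.rpartition(".")
    if hmac.compare_digest(mac.encode(), _sign(account).encode()):
        return account
    return None


def lookup_unchecked(record_id):
    """The behaviour the thread describes: every existing id is answered with data."""
    record = RECORDS.get(record_id)
    return (200, record[1]) if record else (404, "")


def lookup_checked(record_id, session_token, client="unknown"):
    """Same lookup, but the server decides per request whether access is authorised."""
    account = account_from_session(session_token)
    if account is None:
        return 401, ""
    record = RECORDS.get(record_id)
    # Missing and foreign records get the same 403, so the response does not
    # reveal which ids exist.
    if record is None or record[0] != account:
        _denials[client] += 1
        return 403, ""
    return 200, record[1]


def flagged_clients():
    """Clients whose denied lookups reached the threshold (candidate enumeration)."""
    return sorted(c for c, n in _denials.items() if n >= DENIAL_THRESHOLD)
```
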

Stephen Heymann is to "computer crime" prosecutorial zealotry like China is to espionage hacking.
Stephen Heymann is the poster child for this kind of overreach when it comes to prosecuting so called "computer crimes"
He has written papers and lobbied for harsher penalties and easier access to data without a warrant to prosecute "computer criminals"

Here in the Netherlands we had a similar thing just before Christmas. Someone had altered a URL on the website of our monarchy and in this way found the Queen's Christmas speech that was to be broadcasted on Christmas Day (logically). He made that public and there was some consternation about whether or not this was a punishable act, but mainly about how our government fails in securing their internet activities time and time again. The person who had found the speech was not prosecuted and the speech was broadcasted as planned.

As far as I know - this guy highlighted a security flaw that exposed private data to the world. This meant he knew that that data was private and should not be maliciously exploited. He then wrote an application that accessed that data maliciously. The first bit is laudable. The second bit is as stupid as it gets given that he'd just told the company this sensitive data was exposed.

Under EU law at least AT&T would be in trouble for violating privacy laws, they didn't protect private customer data and that is a violation.

So what was the reason this guy who went to a reporter (not just published the list or sold it) was prosecuted? And why is there no link of said reporter defending his source?

This case could not have happened in say my own country. There have been cases where it was TRIED but the judges slapped it down hard. So... what part is missing from the story (we are reading just one side of it) or is the US really that different? I can't imagine the US has no privacy laws at all that AT&T would not have violated by making data so easily available. Can't someone bring a case against AT&T? Making this guy evidence in a far greater case, possibly worth some outrageous sum in a settlement and worthy as a bargaining chip to get this case dropped?

What is missing from this story? Because on its own it seems to make no sense. Why should AT&T risk bad publicity when a simple "don't do that again" would have buried the story years ago.

The problem is Federal Prosecutors pick a career-building target and then shop for a crime. Big Criminals are too much work, but small fry like Aaron don't have the resources to fight back so all they have to do is bully them into taking a plea bargain and then bask in the glory. It's been going on for a long time and many people have been swallowed up, but the media usually never reports it: http://books.google.com/books?id=Tu5RB6YHf10C&pg=PP1&lpg=PP1&ots=51Ya4U8XFt&dq=lynch+in+the+name+of+justice [google.com] (Go to page 43 of this Google Books preview).

There was never any serious question about Swartz committing the crimes he was charged with (video tape of him doing it, his fingerprints on the HD inside the laptop, etc.),

There is absolutely reasonable doubt that the actions Swartz took were against the law. There is no doubt that he placed a laptop in a utility closet in MIT and downloaded articles for redistribution. But whether that was against the law is for a jury to decide. Note that no security, physical or electronic, was ever broken.

honestly a 6 month sentence would have been about right.

If a 6 months sentence was appropriate, he should have gotten a jury trial on that 6 months charge. But if he wanted to exercise his right to a trial, he'd be hit with 35 years. Do you not see the problem with that? Plea bargaining is plainly unjust.

Excuses, excuses. The fact is 35 years for what Swartz did is absolutely unconscionable. Whatever legalistic reasons you can come up with for the charge of 35 years is simply proof that our legal system is unjust. This is not how a justice system works, this is how a justice system fails.

This guy is nothing but an attention whoring internet troll. He did what he did for nothing more than to try to publicly shame AT&T in the most irresponsible way possible, and generally goes out of his way to cause trouble all over the internet. He had no sense of care for the data he was putting under the public spotlight instead of sensibly disclosing the vulnerability to AT&T. For him to suggest he did it because of AT&T's "egregiously negligence" yet chose himself to make the most egregiously negligent response is hypocritical to say the least.

I have no sympathy for this Weev guy. Do not liken his situation to Aaron Swartz. That would be doing a massive disservice to his memory. Tools like this should get what is coming to them.

Yeah and, if what I read on wired [wired.com] is true, this guy should probably get the book thrown at him:

Spitler: I just harvested 197 email addresses of iPad 3G subscribers there should be many more weev: did you see my new project?

Auernheimer: no

Spitler: I’m stepping through iPad SIM ICCIDs to harvest email addresses if you use someones ICCID on the ipad service site it gives you their address

Auernheimer: loooool thats hilarious HILARIOUS oh man now this is big media news is it scriptable? arent there SIM that spoof iccid?

Spitler: I wrote a script to generate valid iccids and it loads the site and pulls an email

Auernheimer: this could be like, a future massive phishing operation serious like this is valuable data we have a list a potential complete list of AT&T iphone subscriber emails

Spitler: I hit fucking oil

Auernheimer: loooool nice

Spitler: If I can get a couple thousand out of this set where can we drop this for max lols?

Auernheimer: dunno i would collect as much data as possible the minute its dropped, itll be fixed BUT valleywag i have all the gawker media people on my facecrook friends after goin to a gawker party

At one point the two discussed the legal risks of what they were allegedly doing:

Spitler: sry dunno how legal this is or if they could sue for damages

Auernheimer: absolutely may be legal risk yeah, mostly civil you absolutely could get sued to fuck

At the same time, others on the IRC chat allegedly discussed the possibility of shorting AT&T’s stock.

Pynchon: hey, just an idea delay this outing for a couple days tommorrow short some at&t stock then out them on tuesday then fill your short and profit

Rucas: LOL

Auernheimer: well i will say this it would be against the law for ME to short the att stock but if you want to do it go nuts

Spitler: I dont have any money to invest in ATT

Auernheimer: if you short ATT dont let me know about it

Spitler: IM TAKIN YOU ALL DOWN WITH ME SNITCH HIGH EVERYDAY

In the wake of news stories about the breach, they allegedly discussed their failure to report the vulnerability to a “full disclosure” mailing list, as well as the opportunity to push their Goatse Security business as a result of the breach:

Nstyr: you should’ve uploaded the list to full disclosure maybe you still can

Auernheimer: no no that is potentially criminal at this point we won

Nstyr: ah

Auernheimer: we dropepd the stock price

Auernheimer: lets not like do anything else we fucking win and i get to like spin us as a legitimate security organization

Sound like some classy fellows there. It's a shame for Swartz that he's being lumped in with this guy. At some point, I hope Slashdot pulls its collective head out of its own ass and realizes that these aren't black and white issues and stops comparing them to things that were like the Civil Rights Movement. Auernheimer: "this could be like, a future massive phishing operation serious like this is valuable data we have a list a potential complete list of AT&T iphone subscriber emails"... yeah, no criminal intent there.

Here's what I've learned recently: If I ever discover a major security hole, do not even attempt to release it responsibly. Instead, layer up behind some proxies and Tor and leak it into a blackhat forum or IRC channel. That way the security hole will eventually get fixed, and I can't be prosecuted.

Or, shut the heck up and forget you ever saw it. I've done EXACTLY the kind of "hacking" they're talking about; sometimes out of curiosity, more often just trying to get past a broken link. I recall about 10 years ago I came across a list of USN ballistic missile sub deployments... don't know if it was classified, but I backed out of there fast, wiped the browser history and cache, and kept my mouth shut (well, until now).

Andrew Auernheimer, aka 'weev', former president of the trolling group GNAA, was not doing this out of some kind of altruism. He did not do this to point out the vulnerability. By his own admittance, "[he] did this because [he] despised people [he] think[s] are unjustly wealthy and wanted to embarrass them."

In a lot of places jury pay is way under min wage and some people can't just pay to miss work for a long trial.

Also there are lots of tech cases where a jury made up of people who know about tech is needed, and the system that we have now may have it so you only get 1 person on the jury that knows about IT and can drive their views on to the full group.

We need a responsible disclosure law. Following the law should do two crucial things: 1) indemnify the security researcher and 2) indemnify the company if they fix the problem in some reasonable amount of time. Not following the law should leave you at the mercy of the courts.

The law could require the researcher to notify the company/organization, or allow them to notify some responsible body like CERT or the FBI. If the problem is not fixed by some deadline, then the researcher should be able to disclose or sell the information as they choose with no criminal charge or liability.